Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PDF virus is kicking my #$@#@


  • This topic is locked This topic is locked
16 replies to this topic

#1 pdfvirusraped

pdfvirusraped

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 25 August 2011 - 01:03 AM

SO, I had been getting notifications that were getting sent to my junk mail in my outlook regarding USPS tracking and upcoming delivery.. It just so happens that I had just purchased tickets from an overseas vendor for an upcoming Devin Townsend Project show that came with a tshirt and a bunch of other promotional items that I was expecting delivery of.. sooo I opened the email, downloaded a pdf file to my desktop..and like a tard, executed it and all hell broke loose. I have been able to stop the bogus windows security software that took over my computer demanding that I purchase it to save my computer from ruin.. however, I still have redirects and other nasty things going on.

I am so glad that there are people willing to take their time to help on this forum, I found it while doing the research I had been doing to get as far as I have with this problem.. but it just doesn't seem like I am going to conquer this thing on my own.




Here is the DDS .. I attempted to get the GMER logs about five times with BSOD and lock ups occurring, I finally gave up.



DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Nick at 16:42:42 on 2011-08-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.581 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\FixCleaner\FixCleaner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Documents and Settings\Nick\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Trend Micro\Browser Guard\tmiegsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Nick\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nick\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nick\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nick\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - c:\program files\trend micro\browser guard\TMAMS.dll
TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - c:\program files\trend micro\browser guard\tmieg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [FixCleaner] c:\program files\fixcleaner\FixCleaner.exe -boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Cobian Backup 10] "c:\program files\cobian backup 10\Cobian.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [Trend Micro Browser Guard] "c:\program files\trend micro\browser guard\BGUI.EXE"
mRun: [CTHelper] CTHELPER.EXE
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
StartupFolder: c:\docume~1\nick\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\nick\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\nick\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\windows\installer\{70014586-7bba-4a92-a610-cdc896c48f8f}\NewShortcut1_1.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272770512187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{33ABB91B-6159-4763-ADDA-5060418D9DA0} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-1 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-8-21 207280]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2004-8-27 97920]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2004-5-20 10240]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-8-21 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-8-21 59664]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-1 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-1 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-1 243152]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-8-21 233136]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-7-21 93360]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2011-1-5 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-1-5 308136]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-8-25 67584]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-8-19 439632]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-17 366640]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-8-23 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 MBAMProtector;MBAMProtector; [x]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-8-21 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-8-21 365280]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-8-21 1141712]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-8-21 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2074-05-08 01:38:48 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2011-08-25 21:11:15 -------- d-----w- c:\program files\Maxtor
2011-08-25 21:11:15 -------- d-----w- c:\documents and settings\all users\application data\Maxtor
2011-08-25 21:06:54 -------- d-sh--w- c:\windows\ftpcache
2011-08-25 17:56:04 -------- d-----w- c:\documents and settings\nick\local settings\application data\Safe mirror
2011-08-25 17:48:00 -------- d-----w- c:\program files\Cobian Backup 10
2011-08-25 02:29:48 388096 ------r- c:\documents and settings\nick\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-23 18:25:49 -------- d-----w- c:\program files\common files\Creative Labs Shared
2011-08-23 15:16:02 -------- d-----w- c:\documents and settings\nick\local settings\application data\Browser Guard
2011-08-21 23:42:16 23552 -c--a-w- c:\windows\system32\dllcache\wdmaud.drv
2011-08-21 23:42:16 23552 ----a-w- c:\windows\system32\wdmaud.drv
2011-08-21 21:52:23 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-08-21 21:52:23 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-08-21 21:52:23 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-08-21 21:45:48 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-08-21 21:45:25 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-21 21:45:25 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-08-21 21:45:13 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-08-21 21:45:05 -------- d-----w- c:\program files\Spyware Doctor
2011-08-21 21:45:05 -------- d-----w- c:\program files\common files\PC Tools
2011-08-21 21:45:05 -------- d-----w- c:\documents and settings\nick\application data\PC Tools
2011-08-21 21:45:05 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-08-21 21:41:37 -------- d-----w- c:\documents and settings\nick\application data\GetRightToGo
2011-08-20 07:03:02 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro
2011-08-20 06:52:44 -------- d-----w- c:\program files\WinPcap
2011-08-20 06:52:17 -------- d-----w- c:\program files\Trend Micro
2011-08-18 21:20:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 16:54:23 -------- d-sha-r- C:\cmdcons
2011-08-18 16:48:23 98816 ----a-w- c:\windows\sed.exe
2011-08-18 16:48:23 518144 ----a-w- c:\windows\SWREG.exe
2011-08-18 16:48:23 256000 ----a-w- c:\windows\PEV.exe
2011-08-18 16:48:23 208896 ----a-w- c:\windows\MBR.exe
2011-08-18 16:47:00 -------- d-----w- C:\ComboFix
2011-08-18 07:50:23 -------- d-----w- c:\documents and settings\nick\application data\FixCleaner
2011-08-18 07:50:09 -------- d-----w- c:\program files\FixCleaner
2011-08-18 07:49:27 -------- d-----w- c:\program files\Downloaded Installers
2011-08-18 00:07:02 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-08-18 00:07:02 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-08-18 00:07:02 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-08-18 00:07:02 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-08-18 00:07:02 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-08-18 00:06:59 -------- d-----w- c:\program files\Trojan Remover
2011-08-18 00:06:59 -------- d-----w- c:\documents and settings\nick\application data\Simply Super Software
2011-08-18 00:06:59 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2011-08-17 18:00:15 -------- d-----w- c:\documents and settings\nick\local settings\application data\PCHealth
2011-08-17 16:16:09 -------- d-----w- c:\documents and settings\nick\application data\Malwarebytes
2011-08-17 16:16:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-17 16:15:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-17 16:15:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-17 14:36:34 -------- d-----w- c:\windows\pss
2011-08-10 20:27:30 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 20:26:08 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 22:00:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-09 08:02:51 -------- d-sh--w- c:\documents and settings\nick\IECompatCache
2011-08-01 08:46:04 -------- d-----w- c:\documents and settings\nick\local settings\application data\Help
.
==================== Find3M ====================
.
2011-08-23 18:23:31 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-23 18:23:30 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-09 21:59:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-02 08:58:50 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST350041 rev.CC34 -> Harddisk0\DR0 -> \Device\Scsi\si3112r1Port2Path0Target0Lun0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87043F16]<<
_asm { PUSH EBP; MOV EBP, ESP; MOV EAX, [EBP+0x8]; CMP DWORD [EAX+0x2c], 0x7; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; PUSH EDI; MOV EDI, [EBX+0x60]; JNZ 0x17e; MOV ESI, [EDI+0x4]; MOV EAX, [ESI+0xc]; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x87385AB8]
3 CLASSPNP[0xF750FFD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8735DC60]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; PUSH CS; POP DS; PUSH CS; POP ES; PUSHAD ; MOV [0x7e00], DL; MOV BYTE [0x7e04], 0x1e; MOV AH, 0x48; MOV SI, 0x7e04; INT 0x13; MOV AL, 0x50; JB 0x19b; }
user != kernel MBR !!!
sectors 976773038 (+127): user != kernel
.
============= FINISH: 16:49:14.93 ==============



I downloaded combo fix and ran that, along with a few other things, I also noticed that hijack this was a part of this process so I downloaded that and here is the log -


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:21 PM, on 8/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: IEGBH0 - {9F3209E2-334B-41E9-B09C-703F398742E7} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TMIEGBHO - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll
O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [Trend Micro Browser Guard] "C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe /FAIL2
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [FixCleaner] C:\Program Files\FixCleaner\FixCleaner.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Nick\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272770512187
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 11166 bytes


Thank you to whomever decides they have the time to help me through this !! =)

Attached Files


Edited by pdfvirusraped, 25 August 2011 - 08:05 PM.


BC AdBot (Login to Remove)

 


#2 pdfvirusraped

pdfvirusraped
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 25 August 2011 - 07:46 PM

Here is the DDS .. I attempted to get the GMER logs about five times with BSOD and lock ups occurring, I finally gave up.



DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Nick at 16:42:42 on 2011-08-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.581 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\FixCleaner\FixCleaner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Documents and Settings\Nick\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Trend Micro\Browser Guard\tmiegsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Nick\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nick\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nick\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nick\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - c:\program files\trend micro\browser guard\TMAMS.dll
TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - c:\program files\trend micro\browser guard\tmieg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [FixCleaner] c:\program files\fixcleaner\FixCleaner.exe -boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Cobian Backup 10] "c:\program files\cobian backup 10\Cobian.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [Trend Micro Browser Guard] "c:\program files\trend micro\browser guard\BGUI.EXE"
mRun: [CTHelper] CTHELPER.EXE
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
StartupFolder: c:\docume~1\nick\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\nick\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\nick\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\windows\installer\{70014586-7bba-4a92-a610-cdc896c48f8f}\NewShortcut1_1.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272770512187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{33ABB91B-6159-4763-ADDA-5060418D9DA0} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-1 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-8-21 207280]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2004-8-27 97920]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2004-5-20 10240]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-8-21 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-8-21 59664]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-1 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-1 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-1 243152]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-8-21 233136]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-7-21 93360]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2011-1-5 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-1-5 308136]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-8-25 67584]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-8-19 439632]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-17 366640]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-8-23 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 MBAMProtector;MBAMProtector; [x]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-8-21 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-8-21 365280]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-8-21 1141712]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-8-21 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2074-05-08 01:38:48 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2011-08-25 21:11:15 -------- d-----w- c:\program files\Maxtor
2011-08-25 21:11:15 -------- d-----w- c:\documents and settings\all users\application data\Maxtor
2011-08-25 21:06:54 -------- d-sh--w- c:\windows\ftpcache
2011-08-25 17:56:04 -------- d-----w- c:\documents and settings\nick\local settings\application data\Safe mirror
2011-08-25 17:48:00 -------- d-----w- c:\program files\Cobian Backup 10
2011-08-25 02:29:48 388096 ------r- c:\documents and settings\nick\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-23 18:25:49 -------- d-----w- c:\program files\common files\Creative Labs Shared
2011-08-23 15:16:02 -------- d-----w- c:\documents and settings\nick\local settings\application data\Browser Guard
2011-08-21 23:42:16 23552 -c--a-w- c:\windows\system32\dllcache\wdmaud.drv
2011-08-21 23:42:16 23552 ----a-w- c:\windows\system32\wdmaud.drv
2011-08-21 21:52:23 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-08-21 21:52:23 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-08-21 21:52:23 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-08-21 21:45:48 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-08-21 21:45:25 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-21 21:45:25 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-08-21 21:45:13 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-08-21 21:45:05 -------- d-----w- c:\program files\Spyware Doctor
2011-08-21 21:45:05 -------- d-----w- c:\program files\common files\PC Tools
2011-08-21 21:45:05 -------- d-----w- c:\documents and settings\nick\application data\PC Tools
2011-08-21 21:45:05 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-08-21 21:41:37 -------- d-----w- c:\documents and settings\nick\application data\GetRightToGo
2011-08-20 07:03:02 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro
2011-08-20 06:52:44 -------- d-----w- c:\program files\WinPcap
2011-08-20 06:52:17 -------- d-----w- c:\program files\Trend Micro
2011-08-18 21:20:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 16:54:23 -------- d-sha-r- C:\cmdcons
2011-08-18 16:48:23 98816 ----a-w- c:\windows\sed.exe
2011-08-18 16:48:23 518144 ----a-w- c:\windows\SWREG.exe
2011-08-18 16:48:23 256000 ----a-w- c:\windows\PEV.exe
2011-08-18 16:48:23 208896 ----a-w- c:\windows\MBR.exe
2011-08-18 16:47:00 -------- d-----w- C:\ComboFix
2011-08-18 07:50:23 -------- d-----w- c:\documents and settings\nick\application data\FixCleaner
2011-08-18 07:50:09 -------- d-----w- c:\program files\FixCleaner
2011-08-18 07:49:27 -------- d-----w- c:\program files\Downloaded Installers
2011-08-18 00:07:02 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-08-18 00:07:02 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-08-18 00:07:02 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-08-18 00:07:02 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-08-18 00:07:02 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-08-18 00:06:59 -------- d-----w- c:\program files\Trojan Remover
2011-08-18 00:06:59 -------- d-----w- c:\documents and settings\nick\application data\Simply Super Software
2011-08-18 00:06:59 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2011-08-17 18:00:15 -------- d-----w- c:\documents and settings\nick\local settings\application data\PCHealth
2011-08-17 16:16:09 -------- d-----w- c:\documents and settings\nick\application data\Malwarebytes
2011-08-17 16:16:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-17 16:15:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-17 16:15:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-17 14:36:34 -------- d-----w- c:\windows\pss
2011-08-10 20:27:30 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 20:26:08 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 22:00:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-09 08:02:51 -------- d-sh--w- c:\documents and settings\nick\IECompatCache
2011-08-01 08:46:04 -------- d-----w- c:\documents and settings\nick\local settings\application data\Help
.
==================== Find3M ====================
.
2011-08-23 18:23:31 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-23 18:23:30 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-09 21:59:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-02 08:58:50 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST350041 rev.CC34 -> Harddisk0\DR0 -> \Device\Scsi\si3112r1Port2Path0Target0Lun0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87043F16]<<
_asm { PUSH EBP; MOV EBP, ESP; MOV EAX, [EBP+0x8]; CMP DWORD [EAX+0x2c], 0x7; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; PUSH EDI; MOV EDI, [EBX+0x60]; JNZ 0x17e; MOV ESI, [EDI+0x4]; MOV EAX, [ESI+0xc]; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x87385AB8]
3 CLASSPNP[0xF750FFD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8735DC60]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; PUSH CS; POP DS; PUSH CS; POP ES; PUSHAD ; MOV [0x7e00], DL; MOV BYTE [0x7e04], 0x1e; MOV AH, 0x48; MOV SI, 0x7e04; INT 0x13; MOV AL, 0x50; JB 0x19b; }
user != kernel MBR !!!
sectors 976773038 (+127): user != kernel
.
============= FINISH: 16:49:14.93 ===============

#3 pdfvirusraped

pdfvirusraped
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 27 August 2011 - 02:55 PM

OTL LOG -


OTL logfile created on: 8/26/2011 12:26:25 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Nick\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.49 Mb Total Physical Memory | 335.72 Mb Available Physical Memory | 32.80% Memory free
2.41 Gb Paging File | 1.64 Gb Available in Paging File | 67.99% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 130.61 Gb Free Space | 28.04% Space Free | Partition Type: NTFS

Computer Name: NICK-S7FA570V3Q | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/26 11:55:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\My Documents\Downloads\OTL.exe
PRC - [2011/03/14 20:23:42 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/02/25 20:21:50 | 000,665,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Browser Guard\tmiegsrv.exe
PRC - [2011/02/25 20:20:58 | 000,787,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Browser Guard\BGUI.exe
PRC - [2011/01/05 12:38:28 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2011/01/05 12:38:28 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2011/01/05 12:38:25 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2011/01/05 12:38:23 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2011/01/05 12:38:22 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2011/01/05 12:38:22 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2011/01/05 12:38:21 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/01/29 14:20:26 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/01/27 04:30:16 | 001,312,848 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/11/08 20:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/09/06 14:53:40 | 000,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2006/11/17 17:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTSched.exe
PRC - [2005/03/17 17:43:34 | 000,909,312 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
PRC - [2003/07/02 10:03:54 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/19 22:41:19 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2011/08/19 22:41:19 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3470.20931__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2011/08/19 22:41:18 | 001,732,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/08/19 22:41:18 | 000,339,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3470.20826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:18 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/08/19 22:41:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/08/19 22:41:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3470.20835__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:18 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3470.20928__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2011/08/19 22:41:18 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2011/08/19 22:41:17 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3470.20887__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2011/08/19 22:41:17 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3470.20915__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/08/19 22:41:17 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3470.20901__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011/08/19 22:41:17 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3470.20896__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3470.20878__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:17 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:16 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3470.20835__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:16 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3470.20916__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:15 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:15 | 000,241,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3470.20855__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/08/19 22:41:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3470.20855__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:14 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3470.20882__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:13 | 000,643,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3470.20926__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:13 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3470.20925__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:12 | 000,782,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3470.20871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:12 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3470.20891__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011/08/19 22:41:11 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3470.20847__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:11 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3470.20836__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:11 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:11 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:11 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3470.20875__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:10 | 000,749,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3470.20897__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:10 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3470.20865__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:10 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3470.20850__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:10 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:09 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3470.20879__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:09 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:09 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/08/19 22:41:09 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:09 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011/08/19 22:41:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/08/19 22:41:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/08/19 22:41:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/08/19 22:41:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011/08/19 22:41:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/08/19 22:41:07 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/08/19 22:41:07 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/08/19 22:41:07 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/08/19 22:41:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/08/19 22:41:05 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/08/19 22:41:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2011/08/19 22:41:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/08/19 22:41:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011/08/19 22:41:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/08/19 22:41:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/08/19 22:41:04 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/08/19 22:41:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/08/19 22:41:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/08/19 22:41:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/08/19 22:41:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/08/19 22:41:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/08/19 22:41:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/08/19 22:41:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/08/19 22:41:03 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/08/19 22:41:03 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/08/19 22:41:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/08/19 22:41:03 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.dll
MOD - [2011/08/19 22:41:03 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2011/08/19 22:41:03 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/08/19 22:41:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3428.28328__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2011/08/19 22:41:01 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011/08/19 22:41:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/08/19 22:41:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011/08/19 22:40:59 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011/08/19 22:40:59 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011/08/19 22:40:58 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011/08/19 22:40:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011/08/19 22:40:55 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011/08/19 22:40:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011/08/19 22:40:52 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011/08/19 22:40:50 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011/08/19 22:40:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/08/19 22:40:46 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/08/19 22:40:43 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3470.20939__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011/08/19 22:40:42 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3470.20921__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/08/19 22:40:40 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3470.20822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/08/19 22:40:39 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/08/19 22:40:38 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/08/19 22:40:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011/08/19 22:40:36 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3470.20910__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/08/19 22:40:35 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/08/19 22:40:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/08/19 22:40:34 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3470.20908__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/08/19 22:40:33 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/08/19 22:40:33 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/08/19 22:40:32 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/08/19 22:40:31 | 000,552,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3470.20904__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011/08/19 22:40:30 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3470.20825__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/08/19 22:40:30 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/08/19 22:40:29 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3470.20824__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/08/19 22:40:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/08/19 22:40:17 | 001,212,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3470.20831__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/08/19 22:40:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/08/19 22:40:15 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011/08/19 22:40:14 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3470.20910__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011/08/19 22:40:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/08/19 22:40:09 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3470.20824__90ba9c70f846762e\APM.Server.dll
MOD - [2011/08/19 22:40:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3470.20822__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/08/10 16:35:32 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
MOD - [2011/08/10 16:35:11 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
MOD - [2011/08/10 16:34:55 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 15:14:55 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 15:14:35 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/10 15:13:44 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/10 15:09:23 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/30 08:39:14 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/06/30 00:10:20 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/08/24 19:06:46 | 000,085,840 | ---- | M] () -- C:\Program Files\Trend Micro\RUBotted\hc_help.dll
MOD - [2008/10/30 13:39:12 | 000,016,384 | R--- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2005/03/17 17:43:34 | 000,909,312 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
MOD - [2005/03/10 14:55:44 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WlanDll.dll
MOD - [2002/05/03 14:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2001/10/28 09:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/23 11:25:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/01/05 12:38:25 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/01/05 12:38:23 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/29 14:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2003/10/22 09:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/05/05 08:53:03 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/01/05 12:38:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/01/05 12:38:23 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011/01/05 12:38:22 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/07/21 18:50:59 | 000,093,360 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/10 04:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 04:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/11/08 20:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/20 11:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/02 11:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/02/22 15:54:10 | 000,265,984 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2004/08/27 09:18:50 | 000,097,920 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112r.sys -- (si3112r)
DRV - [2004/05/20 10:35:16 | 000,010,240 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc)
DRV - [2004/05/20 10:35:16 | 000,010,240 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2003/10/23 06:28:00 | 000,174,336 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003/08/12 18:45:00 | 000,311,552 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2003/08/12 18:45:00 | 000,036,864 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2003/06/06 15:53:16 | 000,070,656 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/03/19 00:51:00 | 000,018,688 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Nick\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Nick\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/08/18 14:39:46 | 000,000,002 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {9F3209E2-334B-41E9-B09C-703F398742E7} - No CLSID value found.
O2 - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Wireless Assistant.lnk = C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe ()
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Nick\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272770512187 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/01 19:21:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 23:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/08/25 23:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/08/25 23:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/08/25 23:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Qualys
[2011/08/25 14:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Maxtor
[2011/08/25 14:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Maxtor
[2011/08/25 14:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/08/25 14:06:54 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2011/08/25 10:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Safe mirror
[2011/08/25 10:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/08/24 23:10:08 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Nick\Desktop\dds.scr
[2011/08/24 19:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Start Menu\Programs\HiJackThis
[2011/08/23 11:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2011/08/23 08:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Browser Guard
[2011/08/23 08:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro Browser Guard
[2011/08/23 08:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Browser Guard
[2011/08/22 16:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Desktop\wp-optimize
[2011/08/21 16:42:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.drv
[2011/08/21 14:52:23 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/08/21 14:52:23 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/08/21 14:52:23 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/08/21 14:45:48 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/08/21 14:45:25 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/08/21 14:45:25 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/08/21 14:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor
[2011/08/21 14:45:13 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/08/21 14:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/08/21 14:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/08/21 14:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\PC Tools
[2011/08/21 14:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/08/21 14:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\GetRightToGo
[2011/08/20 01:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\TMRBLog
[2011/08/20 01:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\log
[2011/08/20 01:33:36 | 008,570,384 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Nick\My Documents\RootkitBuster.exe
[2011/08/20 00:03:02 | 000,000,000 | ---D | C] -- C:%5

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 28 August 2011 - 06:05 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 pdfvirusraped

pdfvirusraped
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 29 August 2011 - 12:38 PM

I ran combo fix and got an error - error opening file for writing

C:/32788R22FWJFW\iexplore.exe

I hit ignore and attemtped to continue and then an end program box came up stating that it could not end the program.

I am guessing I should run combo fix in safe mode to get around this, is that correct?

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 29 August 2011 - 01:22 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 pdfvirusraped

pdfvirusraped
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 29 August 2011 - 03:33 PM

Turns out that ComboFix was still running after-all .. here is the log.



ComboFix 11-08-27.01 - Nick 08/29/2011 11:01:10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.318 [GMT -7:00]
Running from: c:\documents and settings\Nick\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))
.
.
2074-05-08 01:38 . 2006-11-22 03:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-08-27 07:32 . 2011-08-27 07:32 -------- d-----w- C:\temp
2011-08-26 06:31 . 2011-08-29 16:46 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-26 06:31 . 2011-08-26 06:31 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-26 06:29 . 2011-08-26 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-08-26 06:11 . 2011-08-26 06:11 -------- d-----w- c:\documents and settings\Nick\Application Data\Qualys
2011-08-25 21:11 . 2011-08-25 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Maxtor
2011-08-25 21:11 . 2011-08-25 21:11 -------- d-----w- c:\program files\Maxtor
2011-08-25 21:06 . 2011-08-25 21:06 -------- d-sh--w- c:\windows\ftpcache
2011-08-25 17:56 . 2011-08-25 17:56 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Safe mirror
2011-08-25 17:48 . 2011-08-26 00:23 -------- d-----w- c:\program files\Cobian Backup 10
2011-08-25 02:29 . 2011-08-25 02:29 388096 ------r- c:\documents and settings\Nick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-23 18:25 . 2011-08-23 18:25 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2011-08-23 15:16 . 2011-08-23 15:21 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Browser Guard
2011-08-21 23:42 . 2008-04-14 00:12 23552 -c--a-w- c:\windows\system32\dllcache\wdmaud.drv
2011-08-21 23:42 . 2008-04-14 00:12 23552 ----a-w- c:\windows\system32\wdmaud.drv
2011-08-21 21:52 . 2010-02-02 17:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-08-21 21:52 . 2010-02-02 17:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-08-21 21:52 . 2010-02-02 17:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-08-21 21:45 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-08-21 21:45 . 2009-10-06 23:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-21 21:45 . 2009-09-23 23:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-08-21 21:45 . 2010-02-05 16:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-08-21 21:45 . 2011-08-29 17:23 -------- d-----w- c:\program files\Spyware Doctor
2011-08-21 21:45 . 2011-08-21 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-08-21 21:45 . 2011-08-21 21:52 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-21 21:45 . 2011-08-21 21:45 -------- d-----w- c:\documents and settings\Nick\Application Data\PC Tools
2011-08-21 21:41 . 2011-08-21 21:44 -------- d-----w- c:\documents and settings\Nick\Application Data\GetRightToGo
2011-08-20 07:03 . 2011-08-20 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2011-08-20 06:52 . 2011-08-20 06:52 -------- d-----w- c:\program files\WinPcap
2011-08-20 06:52 . 2011-08-25 02:29 -------- d-----w- c:\program files\Trend Micro
2011-08-18 21:20 . 2011-08-18 21:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 07:50 . 2011-08-18 07:50 -------- d-----w- c:\documents and settings\Nick\Application Data\FixCleaner
2011-08-18 07:50 . 2011-08-26 00:23 -------- d-----w- c:\program files\FixCleaner
2011-08-18 00:07 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-08-18 00:07 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-08-18 00:07 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-08-18 00:07 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-08-18 00:07 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-08-18 00:06 . 2011-08-26 00:24 -------- d-----w- c:\program files\Trojan Remover
2011-08-17 18:00 . 2011-08-17 18:00 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\PCHealth
2011-08-17 16:16 . 2011-08-17 16:16 -------- d-----w- c:\documents and settings\Nick\Application Data\Malwarebytes
2011-08-17 16:16 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-17 16:15 . 2011-08-17 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-17 16:15 . 2011-08-17 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-10 20:27 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 20:26 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 22:03 . 2011-08-09 22:03 -------- d-----w- c:\program files\Common Files\Java
2011-08-09 22:00 . 2011-08-09 21:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-09 17:05 . 2011-08-09 17:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-09 08:02 . 2011-08-09 08:02 -------- d-sh--w- c:\documents and settings\Nick\IECompatCache
2011-08-01 08:46 . 2011-08-01 08:46 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 18:23 . 2010-05-06 21:07 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-23 18:23 . 2010-05-02 02:53 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-09 21:59 . 2010-09-13 21:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-02 08:58 . 2010-05-02 22:46 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-15 13:29 . 2002-08-29 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2010-05-02 02:18 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 14:02 . 2002-08-29 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-18_17.44.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2007-11-07 08:19 . 2007-11-07 08:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 12:07 . 2008-07-29 12:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 12:07 . 2008-07-29 12:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 07:26 . 2006-12-02 07:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:56 . 2006-12-02 05:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2010-05-18 00:33 . 2010-05-18 00:33 65536 c:\windows\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8\MOM.EXE
+ 2011-08-20 05:41 . 2011-08-20 05:41 65536 c:\windows\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8\MOM.EXE
+ 2011-08-20 05:40 . 2011-08-20 05:40 86016 c:\windows\WinSxS\MSIL_LOG_90ba9c70f846762e_2.0.3470.20909_x-ww_f61a60c1\LOG.EXE
- 2010-05-18 00:32 . 2010-05-18 00:32 86016 c:\windows\WinSxS\MSIL_LOG_90ba9c70f846762e_2.0.3470.20909_x-ww_f61a60c1\LOG.EXE
+ 2011-08-20 05:41 . 2011-08-20 05:41 65536 c:\windows\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733\CLI.EXE
- 2010-05-18 00:33 . 2010-05-18 00:33 65536 c:\windows\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733\CLI.EXE
+ 2011-08-20 05:41 . 2011-08-20 05:41 65536 c:\windows\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0\CCC.EXE
- 2010-05-18 00:33 . 2010-05-18 00:33 65536 c:\windows\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0\CCC.EXE
+ 2011-08-21 18:51 . 2011-08-21 18:51 16384 c:\windows\Temp\Perflib_Perfdata_198.dat
+ 2010-05-02 04:21 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2010-05-02 04:21 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2011-08-25 21:36 . 2007-05-03 20:37 22152 c:\windows\system32\ReinstallBackups\0006\DriverFiles\mxopswd.sys
+ 2009-10-20 18:19 . 2009-10-20 18:19 53299 c:\windows\system32\pthreadVC.dll
+ 2002-08-29 12:00 . 2011-08-22 05:49 72274 c:\windows\system32\perfc009.dat
- 2002-08-29 12:00 . 2011-08-18 00:19 72274 c:\windows\system32\perfc009.dat
+ 2009-10-20 18:19 . 2009-10-20 18:19 50704 c:\windows\system32\drivers\npf.sys
+ 2007-05-03 20:37 . 2007-05-03 20:37 22152 c:\windows\system32\drivers\mxopswd.sys
+ 2011-07-03 03:05 . 2011-08-26 06:12 87940 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2011-08-02 12:54 . 2011-08-02 12:54 86016 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
- 2011-06-10 14:01 . 2011-06-10 14:01 86016 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
- 2011-06-10 13:47 . 2011-06-10 13:47 73408 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2011-07-15 11:39 . 2011-07-15 11:39 73408 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2011-07-15 11:39 . 2011-07-15 11:39 64512 c:\windows\system32\Adobe\Shockwave 11\gcapi_dll.dll
- 2011-06-10 13:47 . 2011-06-10 13:47 64512 c:\windows\system32\Adobe\Shockwave 11\gcapi_dll.dll
+ 2011-08-02 12:55 . 2011-08-02 12:55 12800 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2011-08-23 15:16 . 2011-08-23 15:16 33280 c:\windows\Installer\e7166.msi
+ 2011-08-25 21:11 . 2011-08-25 21:36 45056 c:\windows\Installer\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\NewShortcut3_D5E5682B2798457BBBF70892B58EFF3A.exe
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 16384 c:\windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Private\2.0.3428.28322__90ba9c70f846762e\PCKGHLP.Foundation.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 16384 c:\windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Private\2.0.3428.28322__90ba9c70f846762e\PCKGHLP.Foundation.Private.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 19968 c:\windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Implementation\2.0.3470.20921__90ba9c70f846762e\PCKGHLP.Foundation.Implementation.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 19968 c:\windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Implementation\2.0.3470.20921__90ba9c70f846762e\PCKGHLP.Foundation.Implementation.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 28672 c:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 28672 c:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 65536 c:\windows\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE
+ 2011-08-20 05:41 . 2011-08-20 05:41 65536 c:\windows\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 86016 c:\windows\assembly\GAC_MSIL\LOG\2.0.3470.20909__90ba9c70f846762e\LOG.EXE
+ 2011-08-20 05:40 . 2011-08-20 05:40 86016 c:\windows\assembly\GAC_MSIL\LOG\2.0.3470.20909__90ba9c70f846762e\LOG.EXE
- 2010-05-18 00:33 . 2010-05-18 00:33 32768 c:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 32768 c:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 36864 c:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 36864 c:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 65536 c:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3470.20908__90ba9c70f846762e\LOG.Foundation.Implementation.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 65536 c:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3470.20908__90ba9c70f846762e\LOG.Foundation.Implementation.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\DEM.OS\2.0.3337.29364__90ba9c70f846762e\DEM.OS.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\DEM.OS\2.0.3337.29364__90ba9c70f846762e\DEM.OS.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 20480 c:\windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3337.29328__90ba9c70f846762e\DEM.OS.I0602.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 20480 c:\windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3337.29328__90ba9c70f846762e\DEM.OS.I0602.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 20480 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 20480 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 45056 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 45056 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 65536 c:\windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE
+ 2011-08-20 05:41 . 2011-08-20 05:41 65536 c:\windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\CLI.Implementation\2.0.3470.20821__90ba9c70f846762e\CLI.Implementation.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\CLI.Implementation\2.0.3470.20821__90ba9c70f846762e\CLI.Implementation.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 94208 c:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 94208 c:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 28672 c:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 28672 c:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 40960 c:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 40960 c:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 24576 c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 24576 c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 57344 c:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3470.20825__90ba9c70f846762e\CLI.Component.SkinFactory.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 57344 c:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3470.20825__90ba9c70f846762e\CLI.Component.SkinFactory.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 57344 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3470.20824__90ba9c70f846762e\CLI.Component.Runtime.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 57344 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3470.20824__90ba9c70f846762e\CLI.Component.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 45056 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 45056 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 81920 c:\windows\assembly\GAC_MSIL\CLI.Component.PowerXpressHybrid\2.0.3470.20935__90ba9c70f846762e\CLI.Component.PowerXpressHybrid.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 81920 c:\windows\assembly\GAC_MSIL\CLI.Component.PowerXpressHybrid\2.0.3470.20935__90ba9c70f846762e\CLI.Component.PowerXpressHybrid.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Load\2.0.3470.20908__90ba9c70f846762e\CLI.Component.Load.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Load\2.0.3470.20908__90ba9c70f846762e\CLI.Component.Load.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Icomponent\2.0.3470.20846__90ba9c70f846762e\CLI.Component.Icomponent.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Icomponent\2.0.3470.20846__90ba9c70f846762e\CLI.Component.Icomponent.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Help\2.0.3470.20908__90ba9c70f846762e\CLI.Component.Help.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Help\2.0.3470.20908__90ba9c70f846762e\CLI.Component.Help.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 61440 c:\windows\assembly\GAC_MSIL\CLI.Component.Erecord\2.0.3470.20855__90ba9c70f846762e\CLI.Component.Erecord.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 61440 c:\windows\assembly\GAC_MSIL\CLI.Component.Erecord\2.0.3470.20855__90ba9c70f846762e\CLI.Component.Erecord.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 24576 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 24576 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 65536 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager.Resources\2.0.3470.20861__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.Resources.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 65536 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager.Resources\2.0.3470.20861__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.Resources.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 65536 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager.Resources\2.0.3470.20860__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.Resources.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 65536 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager.Resources\2.0.3470.20860__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.Resources.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 40960 c:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 40960 c:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 24576 c:\windows\assembly\GAC_MSIL\CLI.Component.AutoRemoval\2.0.3470.20896__90ba9c70f846762e\CLI.Component.Autoremoval.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 24576 c:\windows\assembly\GAC_MSIL\CLI.Component.AutoRemoval\2.0.3470.20896__90ba9c70f846762e\CLI.Component.Autoremoval.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 11776 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3470.20928__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 11776 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3470.20928__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 40960 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 40960 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 98304 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 98304 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 73728 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3470.20835__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 73728 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3470.20835__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Shared\2.0.3428.28322__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Shared\2.0.3428.28322__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Runtime\2.0.3470.20931__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Runtime\2.0.3470.20931__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 86016 c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard\2.0.3470.20930__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 86016 c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard\2.0.3470.20930__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 45056 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3470.20916__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 45056 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3470.20916__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3470.20855__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3470.20855__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 94208 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 94208 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 53248 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 53248 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3470.20882__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3470.20882__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3428.28328__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3428.28328__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 19968 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3470.20925__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 19968 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3470.20925__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 45056 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3470.20914__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 45056 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3470.20914__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 49152 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3470.20917__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 49152 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3470.20917__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 49152 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3470.20877__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 49152 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3470.20877__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3428.28328__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3428.28328__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 77824 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3470.20925__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 77824 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3470.20925__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 69632 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3470.20855__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 69632 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3470.20855__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3428.28326__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3428.28326__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Runtime\2.0.3470.20929__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Runtime\2.0.3470.20929__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Runtime\2.0.3470.20910__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Runtime\2.0.3470.20910__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Runtime.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 45056 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Runtime\2.0.3470.20871__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 45056 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Runtime\2.0.3470.20871__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Runtime\2.0.3470.20933__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Runtime\2.0.3470.20933__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Runtime.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 53248 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 53248 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 81920 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 81920 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 10240 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3470.20932__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 10240 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3470.20932__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Runtime\2.0.3470.20932__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Runtime\2.0.3470.20932__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3470.20835__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3470.20835__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 10240 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3470.20928__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 10240 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3470.20928__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3470.20928__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3470.20928__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 69632 c:\windows\assembly\GAC_MSIL\CLI.Aspect.FramelockGenlock.Graphics.Shared\2.0.3428.28321__90ba9c70f846762e\CLI.Aspect.FramelockGenlock.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 69632 c:\windows\assembly\GAC_MSIL\CLI.Aspect.FramelockGenlock.Graphics.Shared\2.0.3428.28321__90ba9c70f846762e\CLI.Aspect.FramelockGenlock.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 73728 c:\windows\assembly\GAC_MSIL\CLI.Aspect.FramelockGenlock.Graphics.Runtime\2.0.3470.20938__90ba9c70f846762e\CLI.Aspect.FramelockGenlock.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 73728 c:\windows\assembly\GAC_MSIL\CLI.Aspect.FramelockGenlock.Graphics.Runtime\2.0.3470.20938__90ba9c70f846762e\CLI.Aspect.FramelockGenlock.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3470.20875__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3470.20875__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 94208 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 94208 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3470.20850__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3470.20850__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 65536 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 65536 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 77824 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3470.20896__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 77824 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3470.20896__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 49152 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 49152 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 65536 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3470.20878__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 65536 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3470.20878__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 53248 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 53248 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 12800 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3470.20931__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 12800 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3470.20931__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Runtime\2.0.3470.20932__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Runtime\2.0.3470.20932__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 98304 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard\2.0.3470.20861__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 98304 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard\2.0.3470.20861__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 57344 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3470.20940__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 57344 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3470.20940__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3428.28327__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3428.28327__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Runtime\2.0.3470.20937__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Runtime\2.0.3470.20937__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 57344 c:\windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Dashboard\2.0.3470.20937__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 57344 c:\windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Dashboard\2.0.3470.20937__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Dashboard.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Shared\2.0.3428.28326__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Shared\2.0.3428.28326__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 12288 c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Runtime\2.0.3470.20920__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 12288 c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Runtime\2.0.3470.20920__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Dashboard\2.0.3470.20920__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Dashboard\2.0.3470.20920__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 65536 c:\windows\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e\CCC.EXE
+ 2011-08-20 05:41 . 2011-08-20 05:41 65536 c:\windows\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e\CCC.EXE
- 2010-05-18 00:32 . 2010-05-18 00:32 19456 c:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3470.20910__90ba9c70f846762e\CCC.Implementation.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 19456 c:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3470.20910__90ba9c70f846762e\CCC.Implementation.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 14848 c:\windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 14848 c:\windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 45056 c:\windows\assembly\GAC_MSIL\AxInterop.SHDocVw\1.1.0.0__90ba9c70f846762e\AxInterop.SHDocVw.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 45056 c:\windows\assembly\GAC_MSIL\AxInterop.SHDocVw\1.1.0.0__90ba9c70f846762e\AxInterop.SHDocVw.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 32768 c:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 32768 c:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 61440 c:\windows\assembly\GAC_MSIL\APM.Server\2.0.3470.20824__90ba9c70f846762e\APM.Server.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 61440 c:\windows\assembly\GAC_MSIL\APM.Server\2.0.3470.20824__90ba9c70f846762e\APM.Server.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 61440 c:\windows\assembly\GAC_MSIL\AEM.UI\2.0.3470.20909__90ba9c70f846762e\AEM.UI.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 61440 c:\windows\assembly\GAC_MSIL\AEM.UI\2.0.3470.20909__90ba9c70f846762e\AEM.UI.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 20480 c:\windows\assembly\GAC_MSIL\AEM.UI.Shared\2.0.3428.28321__90ba9c70f846762e\AEM.UI.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 20480 c:\windows\assembly\GAC_MSIL\AEM.UI.Shared\2.0.3428.28321__90ba9c70f846762e\AEM.UI.Shared.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 45056 c:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3470.20822__90ba9c70f846762e\AEM.Server.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 45056 c:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3470.20822__90ba9c70f846762e\AEM.Server.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 16384 c:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 16384 c:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 45056 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3470.20921__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 45056 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3470.20921__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.GD.Shared\2.0.3428.28326__90ba9c70f846762e\AEM.Plugin.Source.GD.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.GD.Shared\2.0.3428.28326__90ba9c70f846762e\AEM.Plugin.Source.GD.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.EEU.Shared\2.0.3428.28325__90ba9c70f846762e\AEM.Plugin.Source.EEU.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.EEU.Shared\2.0.3428.28325__90ba9c70f846762e\AEM.Plugin.Source.EEU.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 20480 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 20480 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 20480 c:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 20480 c:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 24576 c:\windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 24576 c:\windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 13312 c:\windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 13312 c:\windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 49152 c:\windows\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\Interop.NewIWshRuntimeLibrary.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 49152 c:\windows\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\Interop.NewIWshRuntimeLibrary.DLL
+ 2011-08-25 07:45 . 2011-08-25 07:46 4784 c:\windows\system32\config\systemprofile\Local Settings\Application Data\prvlcl.dat
+ 2011-08-20 05:40 . 2011-08-20 05:40 7168 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3470.20822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 7168 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3470.20822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 7680 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3470.20931__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 7680 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3470.20931__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 8704 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 8704 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 7680 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 7680 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 9728 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3470.20933__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 9728 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3470.20933__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 7168 c:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 7168 c:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL
- 2008-07-29 14:05 . 2008-07-29 14:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 09:54 . 2008-07-29 09:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2006-12-02 05:54 . 2006-12-02 05:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 05:54 . 2006-12-02 05:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 05:54 . 2006-12-02 05:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2009-10-20 18:19 . 2009-10-20 18:19 281104 c:\windows\system32\wpcap.dll
- 2002-08-29 12:00 . 2011-08-18 00:19 444016 c:\windows\system32\perfh009.dat
+ 2002-08-29 12:00 . 2011-08-22 05:49 444016 c:\windows\system32\perfh009.dat
+ 2009-10-20 18:19 . 2009-10-20 18:19 100880 c:\windows\system32\Packet.dll
+ 2011-08-18 21:20 . 2011-08-18 21:20 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
+ 2011-08-18 21:20 . 2011-08-18 21:20 328864 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.dll
- 2011-06-10 13:47 . 2011-06-10 13:47 279992 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
+ 2011-07-15 11:39 . 2011-07-15 11:39 279992 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
+ 2011-08-02 12:54 . 2011-08-02 12:54 114176 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2011-08-02 12:55 . 2011-08-02 12:55 434176 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2011-08-02 12:54 . 2011-08-02 12:54 365056 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2011-08-02 12:43 . 2011-08-02 12:43 990208 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2011-08-02 12:56 . 2011-08-02 12:56 892416 c:\windows\system32\Adobe\Shockwave 11\gi.dll
- 2011-06-10 14:03 . 2011-06-10 14:03 892416 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2011-08-02 12:53 . 2011-08-02 12:53 542720 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2011-08-02 13:01 . 2011-08-02 13:01 112568 c:\windows\system32\Adobe\Director\SWDNLD.EXE
- 2011-06-13 08:50 . 2011-06-13 08:50 112568 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2011-08-02 13:01 . 2011-08-02 13:01 279480 c:\windows\system32\Adobe\Director\SwDir.dll
- 2011-06-13 08:50 . 2011-06-13 08:50 279480 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2011-08-02 12:55 . 2011-08-02 12:55 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
- 2011-06-10 14:02 . 2011-06-10 14:02 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2011-08-25 21:11 . 2011-08-25 21:36 454656 c:\windows\Installer\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\NewShortcut2_60EEB642E9E045A2A676B9D8FE17C4A9.exe
+ 2011-08-25 21:11 . 2011-08-25 21:36 454656 c:\windows\Installer\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\NewShortcut1_D5E5682B2798457BBBF70892B58EFF3A.exe
+ 2011-08-25 21:11 . 2011-08-25 21:36 454656 c:\windows\Installer\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\ARPPRODUCTICON.exe
- 2010-05-18 00:32 . 2010-05-18 00:32 651264 c:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3470.20939__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 651264 c:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3470.20939__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 106496 c:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3470.20910__90ba9c70f846762e\MOM.Implementation.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 106496 c:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3470.20910__90ba9c70f846762e\MOM.Implementation.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 131072 c:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 131072 c:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 405504 c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Component.Wizard.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 405504 c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Component.Wizard.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 552960 c:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3470.20904__90ba9c70f846762e\CLI.Component.Systemtray.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 552960 c:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3470.20904__90ba9c70f846762e\CLI.Component.Systemtray.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 278528 c:\windows\assembly\GAC_MSIL\CLI.Component.Launchpad\2.0.3470.20925__90ba9c70f846762e\CLI.Component.Launchpad.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 278528 c:\windows\assembly\GAC_MSIL\CLI.Component.Launchpad\2.0.3470.20925__90ba9c70f846762e\CLI.Component.Launchpad.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 147456 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager\2.0.3470.20860__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 147456 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager\2.0.3470.20860__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 155648 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager\2.0.3470.20860__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 155648 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager\2.0.3470.20860__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 339968 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3470.20826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 339968 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3470.20826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 139264 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 139264 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 491520 c:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3470.20915__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 491520 c:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3470.20915__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 241664 c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3470.20855__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 241664 c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3470.20855__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 331776 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 331776 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 102400 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3470.20924__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 102400 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3470.20924__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 118784 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3470.20915__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 118784 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3470.20915__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 114688 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3470.20917__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 114688 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3470.20917__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 139264 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3470.20877__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 139264 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3470.20877__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 643072 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3470.20926__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 643072 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3470.20926__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 122880 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Dashboard\2.0.3470.20930__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 122880 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Dashboard\2.0.3470.20930__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 167936 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Dashboard\2.0.3470.20911__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 167936 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Dashboard\2.0.3470.20911__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 163840 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Dashboard\2.0.3470.20872__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 163840 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Dashboard\2.0.3470.20872__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 241664 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3470.20934__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 241664 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3470.20934__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 409600 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3470.20891__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 409600 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3470.20891__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 782336 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3470.20871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 782336 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3470.20871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 212992 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3470.20933__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 212992 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3470.20933__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 204800 c:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 204800 c:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 196608 c:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 196608 c:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 311296 c:\windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3470.20934__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 311296 c:\windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3470.20934__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 147456 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3470.20928__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 147456 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3470.20928__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 315392 c:\windows\assembly\GAC_MSIL\CLI.Aspect.FramelockGenlock.Graphics.Dashboard\2.0.3470.20938__90ba9c70f846762e\CLI.Aspect.FramelockGenlock.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 315392 c:\windows\assembly\GAC_MSIL\CLI.Aspect.FramelockGenlock.Graphics.Dashboard\2.0.3470.20938__90ba9c70f846762e\CLI.Aspect.FramelockGenlock.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 950272 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3470.20941__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 950272 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3470.20941__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 409600 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3470.20836__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 409600 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3470.20836__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 573440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3470.20847__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 573440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3470.20847__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 364544 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3470.20901__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 364544 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3470.20901__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 749568 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3470.20897__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 749568 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3470.20897__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 286720 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared\2.0.3470.20861__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 286720 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared\2.0.3470.20861__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 307200 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3470.20851__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 307200 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3470.20851__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 315392 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3470.20877__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 315392 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3470.20877__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 360448 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3470.20865__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 360448 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3470.20865__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 692224 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3470.20887__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 692224 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3470.20887__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 630784 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3470.20879__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 630784 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3470.20879__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 393216 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 393216 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 163840 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3470.20932__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 163840 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3470.20932__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 270336 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 270336 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 262144 c:\windows\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.2600.29179__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 262144 c:\windows\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.2600.29179__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 360448 c:\windows\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\Interop.MSForms.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 360448 c:\windows\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\Interop.MSForms.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 225280 c:\windows\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\Interop.MSComctlLib.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 225280 c:\windows\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\Interop.MSComctlLib.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 143360 c:\windows\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\ICSharpCode.SharpZipLib.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 143360 c:\windows\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\ICSharpCode.SharpZipLib.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 212992 c:\windows\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\AxInterop.MSForms.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 212992 c:\windows\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\AxInterop.MSForms.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 135168 c:\windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\AxInterop.MSComctlLib.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 135168 c:\windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\AxInterop.MSComctlLib.DLL
- 2008-07-29 14:05 . 2008-07-29 14:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 14:05 . 2008-07-29 14:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2011-08-02 13:01 . 2011-08-02 13:01 1040824 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1161629.exe
+ 2011-07-29 09:40 . 2011-07-29 09:40 2376368 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2011-08-02 12:45 . 2011-08-02 12:45 1740800 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2011-08-25 21:11 . 2011-08-25 21:11 5451776 c:\windows\Installer\d2426e.msi
+ 2011-08-25 02:29 . 2011-08-25 02:29 1094656 c:\windows\Installer\1e60fd5.msi
- 2010-05-18 00:32 . 2010-05-18 00:32 1032192 c:\windows\assembly\GAC_MSIL\CLI.Component.Eeu\2.0.3470.20892__90ba9c70f846762e\CLI.Component.Eeu.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 1032192 c:\windows\assembly\GAC_MSIL\CLI.Component.Eeu\2.0.3470.20892__90ba9c70f846762e\CLI.Component.Eeu.DLL
- 2010-05-18 00:32 . 2010-05-18 00:32 1212416 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3470.20831__90ba9c70f846762e\CLI.Component.Dashboard.DLL
+ 2011-08-20 05:40 . 2011-08-20 05:40 1212416 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3470.20831__90ba9c70f846762e\CLI.Component.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 1007616 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3470.20856__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 1007616 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3470.20856__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.DLL
- 2010-05-18 00:33 . 2010-05-18 00:33 1732608 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL
+ 2011-08-20 05:41 . 2011-08-20 05:41 1732608 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL
+ 2011-08-25 21:09 . 2011-08-25 21:09 29625856 c:\windows\Downloaded Installations\{4AD32264-C7AC-4D90-903E-7924D78E1300}\Maxtor Manager.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Nick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Nick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Nick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Nick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-18 53341]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"Trend Micro Browser Guard"="c:\program files\Trend Micro\Browser Guard\BGUI.EXE" [2011-02-26 787984]
"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2011-08-26 6394688]
.
c:\documents and settings\Nick\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Nick\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Wireless Assistant.lnk - c:\windows\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2011-8-17 2238]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2011-01-05 19:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Nick\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Nick\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:TCP"= 67:TCP:network
"68:TCP"= 68:TCP:Network2
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/1/2010 8:16 PM 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/21/2011 2:45 PM 207280]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [8/27/2004 9:18 AM 97920]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [5/20/2004 10:35 AM 10240]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [8/21/2011 2:52 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [8/21/2011 2:52 PM 59664]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/1/2010 8:16 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/1/2010 8:16 PM 243152]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/21/2011 2:45 PM 233136]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [7/21/2010 6:51 PM 93360]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/5/2011 12:38 PM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/5/2011 12:38 PM 308136]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [8/21/2011 2:52 PM 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/17/2011 9:16 AM 366640]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [8/19/2011 11:52 PM 439632]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [8/23/2011 11:25 AM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 MBAMProtector;MBAMProtector; [x]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [8/21/2011 2:45 PM 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/21/2011 2:45 PM 365280]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1715567821-725345543-1003Core.job
- c:\documents and settings\Nick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-02 06:22]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1715567821-725345543-1003UA.job
- c:\documents and settings\Nick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-02 06:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-29 12:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST350041 rev.CC34 -> Harddisk0\DR0 -> \Device\Scsi\si3112r1Port2Path0Target0Lun0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 976773038 (+127): user != kernel
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\Spyware Doctor\TFEngine\TFNI.dll
c:\program files\Spyware Doctor\TFEngine\TFMon.dll
c:\program files\Spyware Doctor\TFEngine\TFRK.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(1028)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
.
- - - - - - - > 'explorer.exe'(4836)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\TFEngine\TfWah.dll
c:\documents and settings\Nick\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-29 13:29:54
ComboFix-quarantined-files.txt 2011-08-29 20:29
ComboFix2.txt 2011-08-18 18:01
.
Pre-Run: 133,614,501,888 bytes free
Post-Run: 134,180,311,040 bytes free
.
- - End Of File - - 454702FD06BCEE7CA292A9ABB5780080

#8 pdfvirusraped

pdfvirusraped
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 29 August 2011 - 04:04 PM

TDSS Log - It did find one instance -


2011/08/29 13:57:21.0359 3468 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/29 13:57:23.0250 3468 ================================================================================
2011/08/29 13:57:23.0250 3468 SystemInfo:
2011/08/29 13:57:23.0250 3468
2011/08/29 13:57:23.0250 3468 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/29 13:57:23.0250 3468 Product type: Workstation
2011/08/29 13:57:23.0250 3468 ComputerName: NICK-S7FA570V3Q
2011/08/29 13:57:23.0250 3468 UserName: Nick
2011/08/29 13:57:23.0250 3468 Windows directory: C:\WINDOWS
2011/08/29 13:57:23.0250 3468 System windows directory: C:\WINDOWS
2011/08/29 13:57:23.0250 3468 Processor architecture: Intel x86
2011/08/29 13:57:23.0250 3468 Number of processors: 1
2011/08/29 13:57:23.0250 3468 Page size: 0x1000
2011/08/29 13:57:23.0250 3468 Boot type: Normal boot
2011/08/29 13:57:23.0250 3468 ================================================================================
2011/08/29 13:57:23.0937 3468 Initialize success
2011/08/29 13:57:26.0718 4612 ================================================================================
2011/08/29 13:57:26.0718 4612 Scan started
2011/08/29 13:57:26.0718 4612 Mode: Manual;
2011/08/29 13:57:26.0718 4612 ================================================================================
2011/08/29 13:57:27.0718 4612 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/29 13:57:27.0875 4612 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/29 13:57:28.0046 4612 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/29 13:57:28.0203 4612 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/29 13:57:28.0593 4612 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/08/29 13:57:28.0796 4612 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/29 13:57:29.0109 4612 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/29 13:57:29.0234 4612 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/29 13:57:29.0609 4612 ati2mtag (02b985fc4d5ba17e528f7c9f889f7d22) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/29 13:57:29.0968 4612 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/29 13:57:30.0093 4612 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/29 13:57:30.0265 4612 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/08/29 13:57:30.0406 4612 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/08/29 13:57:30.0468 4612 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2011/08/29 13:57:30.0578 4612 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/08/29 13:57:30.0703 4612 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/29 13:57:31.0031 4612 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/29 13:57:31.0234 4612 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/29 13:57:31.0375 4612 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/29 13:57:31.0515 4612 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/29 13:57:31.0843 4612 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
2011/08/29 13:57:31.0937 4612 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
2011/08/29 13:57:32.0156 4612 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/08/29 13:57:32.0250 4612 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/08/29 13:57:32.0390 4612 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
2011/08/29 13:57:32.0515 4612 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
2011/08/29 13:57:32.0781 4612 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/08/29 13:57:33.0031 4612 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
2011/08/29 13:57:33.0218 4612 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
2011/08/29 13:57:33.0281 4612 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/08/29 13:57:33.0421 4612 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
2011/08/29 13:57:33.0562 4612 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
2011/08/29 13:57:33.0640 4612 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/08/29 13:57:33.0906 4612 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/29 13:57:34.0062 4612 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/29 13:57:34.0437 4612 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/29 13:57:34.0531 4612 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/29 13:57:34.0656 4612 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/29 13:57:34.0828 4612 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/08/29 13:57:34.0953 4612 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/08/29 13:57:35.0125 4612 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/29 13:57:35.0250 4612 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/08/29 13:57:35.0359 4612 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/29 13:57:35.0531 4612 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/29 13:57:35.0671 4612 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/29 13:57:35.0796 4612 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/29 13:57:35.0953 4612 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/29 13:57:36.0140 4612 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/29 13:57:36.0250 4612 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/29 13:57:36.0421 4612 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/08/29 13:57:36.0546 4612 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/29 13:57:36.0656 4612 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/29 13:57:36.0812 4612 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/08/29 13:57:36.0953 4612 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
2011/08/29 13:57:37.0078 4612 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
2011/08/29 13:57:37.0203 4612 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/29 13:57:37.0359 4612 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/29 13:57:37.0562 4612 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/29 13:57:37.0765 4612 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/29 13:57:37.0953 4612 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/29 13:57:38.0234 4612 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/29 13:57:38.0359 4612 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/29 13:57:38.0484 4612 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/29 13:57:38.0593 4612 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/29 13:57:38.0750 4612 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/29 13:57:38.0843 4612 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/29 13:57:38.0968 4612 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/29 13:57:39.0125 4612 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/29 13:57:39.0234 4612 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/29 13:57:39.0343 4612 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/29 13:57:39.0750 4612 LHidFilt (f5e165b4e3df145f6e8bf3c0573f94d8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/08/29 13:57:39.0843 4612 LMouFilt (b46e39b8ae439d7ce75a923e7f950040) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/08/29 13:57:40.0062 4612 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/29 13:57:40.0218 4612 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/29 13:57:40.0359 4612 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/29 13:57:40.0500 4612 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/29 13:57:40.0640 4612 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/29 13:57:40.0843 4612 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/29 13:57:40.0968 4612 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/29 13:57:41.0281 4612 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/29 13:57:41.0406 4612 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/29 13:57:41.0546 4612 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/29 13:57:41.0656 4612 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/29 13:57:41.0734 4612 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/29 13:57:41.0906 4612 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/08/29 13:57:42.0093 4612 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/29 13:57:42.0203 4612 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
2011/08/29 13:57:42.0437 4612 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/29 13:57:42.0609 4612 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/29 13:57:42.0671 4612 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/29 13:57:42.0750 4612 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/29 13:57:42.0890 4612 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/29 13:57:42.0984 4612 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/29 13:57:43.0140 4612 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/29 13:57:43.0328 4612 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/29 13:57:43.0500 4612 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
2011/08/29 13:57:43.0609 4612 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/29 13:57:43.0734 4612 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/29 13:57:43.0937 4612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/29 13:57:44.0078 4612 nvax (a9af177d2543315108bd974e469f4d45) C:\WINDOWS\system32\drivers\nvax.sys
2011/08/29 13:57:44.0218 4612 NVENET (e07c1f16e5a4e32fc3c0f62b59815ef0) C:\WINDOWS\system32\DRIVERS\NVENET.sys
2011/08/29 13:57:44.0406 4612 nvnforce (ab0f1072ac0e24567effcb0c4f3499f5) C:\WINDOWS\system32\drivers\nvapu.sys
2011/08/29 13:57:44.0796 4612 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2011/08/29 13:57:44.0906 4612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/29 13:57:45.0031 4612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/29 13:57:45.0171 4612 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/29 13:57:45.0312 4612 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/08/29 13:57:45.0453 4612 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/29 13:57:45.0562 4612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/29 13:57:45.0718 4612 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/29 13:57:45.0796 4612 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/29 13:57:45.0984 4612 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/29 13:57:46.0078 4612 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/29 13:57:46.0187 4612 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/08/29 13:57:46.0312 4612 pctgntdi (d15669bd3e1cf18f00b46a7949ea541f) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/08/29 13:57:46.0437 4612 pctplsg (95a8562701e6b4494993847f85b2d60e) C:\WINDOWS\system32\drivers\pctplsg.sys
2011/08/29 13:57:47.0000 4612 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/29 13:57:47.0125 4612 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/29 13:57:47.0250 4612 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/29 13:57:47.0343 4612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/29 13:57:47.0718 4612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/29 13:57:47.0843 4612 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/29 13:57:47.0968 4612 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/29 13:57:48.0046 4612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/29 13:57:48.0171 4612 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/29 13:57:48.0281 4612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/29 13:57:48.0390 4612 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/29 13:57:48.0546 4612 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/29 13:57:48.0656 4612 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/29 13:57:48.0906 4612 SBRE (72aecf54aac22b20956d08610972b5a1) C:\WINDOWS\system32\drivers\SBREdrv.sys
2011/08/29 13:57:49.0046 4612 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/08/29 13:57:49.0234 4612 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/29 13:57:49.0343 4612 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/29 13:57:49.0453 4612 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/29 13:57:49.0609 4612 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/29 13:57:49.0734 4612 si3112r (0917eb303a2bc3e122f2777daef1a63c) C:\WINDOWS\system32\drivers\si3112r.sys
2011/08/29 13:57:49.0796 4612 SiFilter (78b1a1523265e5dbcced0c814ac719de) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2011/08/29 13:57:49.0953 4612 SiWinAcc (78b1a1523265e5dbcced0c814ac719de) C:\WINDOWS\system32\drivers\SiWinAcc.sys
2011/08/29 13:57:50.0125 4612 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/29 13:57:50.0218 4612 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/29 13:57:50.0343 4612 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/29 13:57:50.0468 4612 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/08/29 13:57:50.0562 4612 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/29 13:57:50.0656 4612 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/29 13:57:50.0984 4612 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/29 13:57:51.0171 4612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/29 13:57:51.0281 4612 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/08/29 13:57:51.0375 4612 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/29 13:57:51.0500 4612 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/29 13:57:51.0609 4612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/29 13:57:51.0781 4612 TfFsMon (d2a1cd31200a6c9d3dfad022503e4836) C:\WINDOWS\system32\drivers\TfFsMon.sys
2011/08/29 13:57:51.0875 4612 TfNetMon (3e3a544d10b0ac1c4c133048f84390ac) C:\WINDOWS\system32\drivers\TfNetMon.sys
2011/08/29 13:57:51.0937 4612 TfSysMon (706be7328a35c39dbe449e10c1ac6a38) C:\WINDOWS\system32\drivers\TfSysMon.sys
2011/08/29 13:57:52.0140 4612 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/08/29 13:57:52.0250 4612 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/29 13:57:52.0406 4612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/29 13:57:52.0578 4612 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/29 13:57:52.0687 4612 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/29 13:57:52.0765 4612 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/29 13:57:52.0921 4612 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/29 13:57:53.0062 4612 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/29 13:57:53.0171 4612 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/29 13:57:53.0328 4612 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/29 13:57:53.0468 4612 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/29 13:57:53.0609 4612 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/29 13:57:53.0765 4612 W8335XP (738244934c71118a21f8d678067d057d) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
2011/08/29 13:57:53.0921 4612 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/29 13:57:54.0078 4612 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/08/29 13:57:54.0203 4612 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/29 13:57:54.0453 4612 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/29 13:57:54.0593 4612 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/29 13:57:54.0718 4612 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/29 13:57:54.0875 4612 yukonwxp (4fd408e42b3e516732e607bed06f39fb) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys
2011/08/29 13:57:55.0046 4612 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/08/29 13:57:55.0062 4612 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/08/29 13:57:55.0078 4612 Boot (0x1200) (14c40b723540e4bc3a957351d19ca959) \Device\Harddisk0\DR0\Partition0
2011/08/29 13:57:55.0109 4612 ================================================================================
2011/08/29 13:57:55.0109 4612 Scan finished
2011/08/29 13:57:55.0109 4612 ================================================================================
2011/08/29 13:57:55.0140 4448 Detected object count: 1
2011/08/29 13:57:55.0140 4448 Actual detected object count: 1
2011/08/29 13:58:15.0140 4448 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/08/29 13:58:15.0140 4448 \Device\Harddisk0\DR0 - ok
2011/08/29 13:58:15.0140 4448 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/29 13:59:09.0921 5772 Deinitialize success

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 29 August 2011 - 06:44 PM

That looks very good - I want you to rerun combofix again and send me the report



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 pdfvirusraped

pdfvirusraped
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 30 August 2011 - 12:03 PM

ComboFix 11-08-27.01 - Nick 08/30/2011 1:12.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.537 [GMT -7:00]
Running from: c:\documents and settings\Nick\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
I:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2074-05-08 01:38 . 2006-11-22 03:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-08-27 07:32 . 2011-08-27 07:32 -------- d-----w- C:\temp
2011-08-26 06:31 . 2011-08-29 16:46 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-26 06:31 . 2011-08-26 06:31 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-26 06:29 . 2011-08-26 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-08-26 06:11 . 2011-08-26 06:11 -------- d-----w- c:\documents and settings\Nick\Application Data\Qualys
2011-08-25 21:11 . 2011-08-25 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Maxtor
2011-08-25 21:11 . 2011-08-25 21:11 -------- d-----w- c:\program files\Maxtor
2011-08-25 21:06 . 2011-08-25 21:06 -------- d-sh--w- c:\windows\ftpcache
2011-08-25 17:56 . 2011-08-25 17:56 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Safe mirror
2011-08-25 17:48 . 2011-08-26 00:23 -------- d-----w- c:\program files\Cobian Backup 10
2011-08-25 02:29 . 2011-08-25 02:29 388096 ------r- c:\documents and settings\Nick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-23 18:25 . 2011-08-23 18:25 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2011-08-23 15:16 . 2011-08-23 15:21 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Browser Guard
2011-08-21 23:42 . 2008-04-14 00:12 23552 -c--a-w- c:\windows\system32\dllcache\wdmaud.drv
2011-08-21 23:42 . 2008-04-14 00:12 23552 ----a-w- c:\windows\system32\wdmaud.drv
2011-08-21 21:52 . 2010-02-02 17:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-08-21 21:52 . 2010-02-02 17:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-08-21 21:52 . 2010-02-02 17:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-08-21 21:45 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-08-21 21:45 . 2009-10-06 23:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-21 21:45 . 2009-09-23 23:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-08-21 21:45 . 2010-02-05 16:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-08-21 21:45 . 2011-08-29 17:23 -------- d-----w- c:\program files\Spyware Doctor
2011-08-21 21:45 . 2011-08-21 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-08-21 21:45 . 2011-08-21 21:52 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-21 21:45 . 2011-08-21 21:45 -------- d-----w- c:\documents and settings\Nick\Application Data\PC Tools
2011-08-21 21:41 . 2011-08-21 21:44 -------- d-----w- c:\documents and settings\Nick\Application Data\GetRightToGo
2011-08-20 07:03 . 2011-08-20 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2011-08-20 06:52 . 2011-08-20 06:52 -------- d-----w- c:\program files\WinPcap
2011-08-20 06:52 . 2011-08-25 02:29 -------- d-----w- c:\program files\Trend Micro
2011-08-18 21:20 . 2011-08-18 21:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 07:50 . 2011-08-18 07:50 -------- d-----w- c:\documents and settings\Nick\Application Data\FixCleaner
2011-08-18 07:50 . 2011-08-26 00:23 -------- d-----w- c:\program files\FixCleaner
2011-08-18 00:07 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-08-18 00:07 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-08-18 00:07 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-08-18 00:07 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-08-18 00:07 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-08-18 00:06 . 2011-08-26 00:24 -------- d-----w- c:\program files\Trojan Remover
2011-08-17 18:00 . 2011-08-17 18:00 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\PCHealth
2011-08-17 16:16 . 2011-08-17 16:16 -------- d-----w- c:\documents and settings\Nick\Application Data\Malwarebytes
2011-08-17 16:16 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-17 16:15 . 2011-08-17 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-17 16:15 . 2011-08-17 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-10 20:27 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 20:26 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 22:03 . 2011-08-09 22:03 -------- d-----w- c:\program files\Common Files\Java
2011-08-09 22:00 . 2011-08-09 21:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-09 17:05 . 2011-08-09 17:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-09 08:02 . 2011-08-09 08:02 -------- d-sh--w- c:\documents and settings\Nick\IECompatCache
2011-08-01 08:46 . 2011-08-01 08:46 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 18:23 . 2010-05-06 21:07 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-23 18:23 . 2010-05-02 02:53 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-09 21:59 . 2010-09-13 21:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-02 08:58 . 2010-05-02 22:46 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-15 13:29 . 2002-08-29 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2010-05-02 02:18 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 14:02 . 2002-08-29 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-29_19.43.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-29 21:01 . 2011-08-29 21:01 16384 c:\windows\Temp\Perflib_Perfdata_218.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Nick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Nick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Nick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Nick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-18 53341]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"Trend Micro Browser Guard"="c:\program files\Trend Micro\Browser Guard\BGUI.EXE" [2011-02-26 787984]
"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2011-08-26 6394688]
.
c:\documents and settings\Nick\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Nick\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Wireless Assistant.lnk - c:\windows\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2011-8-17 2238]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2011-01-05 19:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Nick\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Nick\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:TCP"= 67:TCP:network
"68:TCP"= 68:TCP:Network2
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/1/2010 8:16 PM 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/21/2011 2:45 PM 207280]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [8/27/2004 9:18 AM 97920]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [5/20/2004 10:35 AM 10240]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [8/21/2011 2:52 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [8/21/2011 2:52 PM 59664]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/1/2010 8:16 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/1/2010 8:16 PM 243152]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/21/2011 2:45 PM 233136]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [7/21/2010 6:51 PM 93360]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/5/2011 12:38 PM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/5/2011 12:38 PM 308136]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [8/19/2011 11:52 PM 439632]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/17/2011 9:16 AM 366640]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [8/23/2011 11:25 AM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 MBAMProtector;MBAMProtector; [x]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [8/21/2011 2:45 PM 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/21/2011 2:45 PM 365280]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [8/21/2011 2:52 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1715567821-725345543-1003Core.job
- c:\documents and settings\Nick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-02 06:22]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1715567821-725345543-1003UA.job
- c:\documents and settings\Nick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-02 06:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-30 01:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(1008)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-08-30 01:27:20
ComboFix-quarantined-files.txt 2011-08-30 08:27
ComboFix2.txt 2011-08-29 20:30
ComboFix3.txt 2011-08-18 18:01
.
Pre-Run: 134,391,119,872 bytes free
Post-Run: 135,447,937,024 bytes free
.
- - End Of File - - DB8C480BEB7AC77B83ABACC95CF20E30

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 30 August 2011 - 12:18 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 02 September 2011 - 01:17 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 pdfvirusraped

pdfvirusraped
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 04 September 2011 - 08:46 PM

MBAM log -

Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



HIJACK this LOG -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:35:33 PM, on 9/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE
C:\WINDOWS\system32\CTHELPER.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Documents and Settings\Nick\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Trend Micro\Browser Guard\tmiegsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\AVG\AVG9\avgsrmax.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: IEGBH0 - {9F3209E2-334B-41E9-B09C-703F398742E7} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TMIEGBHO - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll
O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [Trend Micro Browser Guard] "C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Nick\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272770512187
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 11804 bytes


Computer runs great.. however I am getting a lot of spam emails now and also got an email today saying that I had just registered at Nike.com.. .. which I personally did not.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 04 September 2011 - 08:58 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
      O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Nick\Application Data\Dropbox\bin\Dropbox.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brakets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]



If you have any problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 pdfvirusraped

pdfvirusraped
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 05 September 2011 - 03:28 AM

ESET Log -


C:\Documents and Settings\Nick\My Documents\Downloads\FreeYouTubeDownloaderSetup.exe multiple threats
C:\Documents and Settings\Nick\My Documents\Downloads\setup-aw.exe Win32/Toolbar.Zugo application




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users